Handle access denied for application pages

Within SharePoint you have the ability to create custom application pages. Application pages remain in the layouts folder of SharePoint. Each user can access these pages by typing in the URL in the explorer bar.

When you would navigate to one of these pages and you do not have enough rights, you would expect that you would be redirected to the access denied page. This is does not happen.

You can try this with a user that has minimal rights and navigate to the following page /_layouts/srchvis.aspx (An out of the box application page for settings the search visibility). You will see that the page gets rendered.

When you create a custom application page you can work around by doing the following:

  protected override void OnLoad(EventArgs e) {
  base.OnLoad(e);

  if (SPContext.Current.Web.UserIsWebAdmin) {
      if (!Page.IsPostBack) {
         //perform your actions
      }
  }
  else {
       SPUtility.HandleAccessDenied(new Exception("You do not have access to this page."));
    }
  } 

In the OnLoad of your page you can check whether the user has sufficient rights. In the example I perform this action by checking if the user is a site admin.

When the user hasn’t sufficient rights you can redirect him to the access denied page of SharePoint by using the HandleAccessDenied() method of the SPUtility class.

Related Posts

Article in TechNet Magazine For the Dutch TechNet magazine I wrote an article about the security within SharePoint. This is my first TechNet article and I think it has turned ou...
Disabling the MySite link for all your users Did you ever have a problem with your my site? Well we did! The customer wanted a Citrix webpart on their my site. I did not recommend it but still t...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.